Proxy Scanner

Content

Information about the Proxyscanner

When are we scanning?

Any client connecting to the euIRC network will be scanned for insecure connections originating from open TCP ports.If you are running a firewall, these scans may be detected as attacks against you. However, we assure you that these scans are harmless. You are free to either accept these scans and warnings associated with them as a necessity or to stop connecting to the euirc network.

To correct a rather popular misunderstanding, we would like to point out that it is not sufficient for the Proxyscanner to simply find an open port to deem your host as insecure. In a simplified way, the Proxyscanner requests that your system let the scanner connect to some remote internet resource. If the system tells the scanner "OK" it is considered insecure due to the risk of abuse by a third party. These vulnerabilities could quite possibly be abused not only for attacks on every internet service and content provider but also for use in illegal activities. For your own protection, you should prevent such situations from occurring.

Where are we scanning from?

If you are using a firewall alerting you on scanning events you might want to configure the firewall to accept/ignore the ips/subnets underneath:

IP/Subnet

Hoster

83.137.41.33

nemox.net

151.189.0.165

Arcor Online GmbH

212.40.5.191

VTX Datacomm AG

212.6.106.76

EWE TEL GmbH

How can I find my open proxy?

If you don't know which port is affected and which kind of proxy was found, you can use our online Proxy Check.

Fixing problems

Protect your proxy against remote exploit and use from the internet. If you happen to use one of the following proxies or your proxy is not being supported any more, please set up a firewall that blocks the corresponding ports from hostile access attempts, though allowing use of the proxy in local networking environments.

AnalogX

If you are using AnalogX, please keep this software up to date (http://www.analogx.com/contents/download/network/proxy.htm) and provide its configuration (menuitem configure) with the following pieces of information: Proxy Binding: Enter the LAN ip of your workstation. Your ip can be searched out by following these steps:

Apache

There is a bug on Apache webserver (all versions). If you see positive results for HTTP CONNECT on your webserver, you should update your webserver's configuration to block all HTTP CONNECT requests. For more information concerning this bug, please read http://bugs.php.net/bug.php?id=19113.

CacheFlow/BlueCoat

If you are using CacheFlow, again, please keep this software up to date and create a so called ACL (access control list) which will be used by the proxy and comprises of addresses and address ranges that are allowed to use the latter. To do so please create a configuration file and enter the following block:define acl myusers
nnn.nnn.nnn.nnn/bb
end acl myusers
ALL acl=!myusers service=no cache=nonnn.nnn.nnn.nnn equals your Internet Address (IP), bb equals the number of bits which do not change in your IP, 192.168.0.0/24 would equal 192.168.0.0-192.168.0.255

Upload this file to an arbitrary http webserver and make sure, your proxy is able to access this file. Next go to the proxy's administration page and enter the location/URL of the initially created configuration file under Maintenance -> Filters -> Local File. Finally press the Install button to keep these settings.